(54) Restriction method for utilization of computer file with use of biometrical information,
method of logging in computer system and recording medium



(57) When logging in a server via an information network, high security
is ensured without using a password. When a terminal 2 accesses a server
3, a random key is sent from the server 3. An operator inputs a
fingerprint from an individual identification input device, and the
terminal 2 collates the fingerprint information with registered
fingerprint information previously registered. If a match is obtained,
the terminal 2 generates a log-in packet, and transmits the log-in packet
to the server 3. If a match is not obtained, the log-in processing is
suspended. The server 3 resolves the received log-in packet, takes out
the registered fingerprint information, fingerprint information, and a
user code, and collates the registered fingerprint information with
fingerprint information. If a match is obtained, the server 3 collates
the transmitted user code with a user code previously stored in the
server 3. If a match is not obtained, the log-in processing is suspended.
If a match is obtained, the server 3 permits log-in.
Description

TECHNICAL FIELD OF THE INVENTION

[0001] The present invention relates to a technique for preventing
unauthorized use of a computer, and in particular to a technique that is
effective in application to user authentication using biometrical data.

BACKGROUND OF THE INVENTION 

[0002] According to a study conducted by the present inventors, it is
found that when utilizing an information network such as the Internet,
the operator executes a log-in process as a start procedure of
communication service and accesses a server of an Internet provider,
which provides connection to the Internet.
[0003] In this log-in processing, the operator inputs information such
as a password and a user name from a terminal (client) such as a
computer. The server determines whether those kinds of information are
correct. If correct, communication service is provided.
[0004] Furthermore, in recent years, as business increases in which use
of terminals is required, the terminals store therein a large amount of
computer files requiring security, such as data and programs concerning
secrets of companies.

[0005] In such a terminal storing computer files, utilization
restriction is applied to those computer files and the computer files
are protected thereby in some cases.
[0006] Furthermore, in a method generally known as an example of a
technique for restricting utilization of a computer file, the user
previously registers a password, a user name, and so on in a terminal.
When using a computer file subjected to utilization restriction, the
operator inputs the password and the user name. Those kinds of
information are collated with the previously registered information. As
a result, user authentication is conducted, and utilization restriction
is canceled.
[0007] For example, such a data protection and illegality prevention
function is described in detail in "Information Processing Handbook"
edited by Information Processing Society of Japan and published by
Ohmsha Ltd. on November 20, 1993, pp. 1265 to 1267. In this document,
data protection and illegality prevention techniques in computer systems
are described.

SUMMARY OF THE INVENTION 

[0008] However, the present inventors have found that there are the
following problems in the log-in processing technique of communication
service as described above.

[0009] Namely, a password is set as a security countermeasure, but the
password must be complicated if the security is to be further enhanced.
Therefore, password management of users, such as recitation and
concealment of the password, becomes a burden.

[0010] Furthermore, in the log-in processing, the server conducts only
collation of the password and the user name. Therefore, if the user
name, password, or the like is known to a third person, there is a risk
that a third person other than the user will impersonate the regular
user and be logged in the server.
[0011] In addition, also in the case where utilization restriction is
applied to a computer file stored in a terminal, only collation of the
password and user name is conducted in the same way. Therefore, the
password management becomes a burden. And there may be a risk that the
password, user name, or the like will be known to a third party and the
computer file will be used without authorization or falsified.

[0012] An object of the present invention is to provide a restriction
method for utilization of computer file with use of biometrical
information, a method of logging in a computer system, and a recording
medium, capable of ensuring high security and certainly restricting the
computer file use by a third party other than the authorized user
without using a password when logging in a server via an information
network.

[0013] A restriction method for utilization of computer file according
to the present invention includes the steps of: storing first
biometrical information previously in a computer, the first biometrical
information identifying an arbitrary user individual and obtained from
individual identification information input means; obtaining second
biometrical information of an operator from the individual
identification information input means when the operator uses the
computer; collating the first biometrical information with the obtained
second biometrical information, authenticating that the operator is the
user if a match is obtained between the first biometrical information
and the second biometrical information, and canceling utilization
restriction of a computer file subjected to utilization restriction set
therefor.
[0014] In a restriction method for utilization of computer file
according to the present invention, each of the first biometrical
information and the second biometrical information is fingerprint
information.
[0015] In a restriction method for utilization of computer file
according to the present invention, the computer file subjected to
utilization restriction is at least one of a folder, data, and a
program.

[0016] A recording medium according to the present invention has a
program recorded thereon. The program causes execution of the steps of:
collating first biometrical information with second biometrical
information, the first biometrical information identifying an arbitrary
user individual and being previously stored in a computer, the second
biometrical information being obtained from an operator when using the
computer; and authenticating that the operator is the user if a match is
obtained between the first biometrical information and the second
biometrical information, and canceling utilization restriction of a
computer file subjected to utilization restriction set therefor.
[0017] A method for logging in a computer system according to the
present invention includes the steps of: storing first biometrical
information previously in a computer to be provided with communication
service and previously in a computer system that provides the computer
with communication service, the first biometrical information
identifying an arbitrary user individual and being obtained from
individual identification information input means; receiving in the
computer a random key outputted from the computer system when the
computer logs in the computer system; obtaining second biometrical
information of an operator from the individual identification
information input means when the operator uses the computer; collating
the first biometrical information with the second biometrical
information, authenticating that the operator is the user if a match is
obtained between the first biometrical information and the second
biometrical information, and encrypting the first biometrical
information by using the received random key; generating a log-in packet
having the encrypted first biometrical information and the second
biometrical information, and transmitting the log-in packet to the
computer system; and decrypting the first biometrical information of the
received log-in packet by the computer system, collating the decrypted
first biometrical information with the second biometrical information of
the received log-in packet, authenticating that the operator is the user
if a match is obtained between the first biometrical information and the
second biometrical information of the log-in packet, and permitting the
computer to log in the computer system.

[0018] In a method for logging in a computer system according to the
present invention, each of the first biometrical information and the
second biometrical information is fingerprint information.
[0019] A recording medium according to the present invention has a first
program and a second program recorded thereon. When a computer to be
provided with communication service logs in a computer system that
provides the computer with communication service, the first program
enables the computer system to execute the steps of: transmitting a
random key to the computer; decrypting first biometrical information of
a received log-in packet, and collating the decrypted first biometrical
information with second biometrical information of the received log-in
packet; and authenticating that an operator is a user if a match is
obtained between the decrypted first biometrical information and second
biometrical information of the received log-in packet, and permitting
log in of the computer. The second program enables the computer to
execute the steps of: collating previously stored first biometrical
information with second biometrical information, the first biometrical
information identifying an arbitrary user individual, the second
biometrical information being obtained from an operator when using the
computer; authenticating that the operator is the user if a match is
obtained between the first biometrical information and the second
biometrical information, and encrypting the first biometrical
information by using the inputted random key; and generating a log-in
packet having the encrypted first biometrical information and the second
biometrical information, and transmitting the log-in packet to the
computer system.

BRIEF DESCRIPTIONS OF THE DRAWINGS 

[0020]

Fig. 1 is a diagram of a communication system according to an
embodiment 1 of the present invention;

Fig. 2 is a flow chart in log-in processing of a communication system
according to an embodiment 1 of the present invention;

Fig. 3A is a diagram of a log-in packet generated by a terminal
according to an embodiment 1 of the present invention, Fig. 3B is a
diagram of a log-in packet transmitted to a server, and Fig. 3C is a
diagram of a log-in packet resolved by a server; and

Fig. 4 is a flow chart of log-in processing conducted by a terminal
subjected to utilization restriction of a computer file by a file
utilization restriction management program according to an embodiment 2
of the present invention.

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0021] Hereafter, embodiments of the present invention will be described
in detail by referring to drawings.

(Embodiment 1)

[0022] Fig. 1 is a diagram of a communication system according to an
embodiment 1 of the present invention. Fig. 2 is a flow chart of log-in
processing of a communication system according to an embodiment 1 of the
present invention. Fig. 3A is a diagram of a log-in packet generated by
a terminal according to an embodiment 1 of the present invention.
Fig. 3B is a diagram of a log-in packet transmitted to a server. Fig. 3C
is a diagram of a log-in packet resolved by a server.

[0023] In the present embodiment 1, a communication system 1 includes a
plurality of terminals (computers) 2 and a server (computer system) 3.
Each of the terminals 2 is a work station, a personal computer, or the
like, and is connected to the server 3 via network K, such as a
telephone network, a private network, or a computer network, i.e., the
so-called Internet.
[0024] Furthermore, the terminal 2 includes a mouse 2a, which is a kind
of input/output device. This mouse 2a includes an individual
identification information input device (individual identification
information input means) 2b. The individual identification information
input device 2b is adapted to obtain fingerprint information
(biometrical information) YS.
[0025] The individual identification information input device 2b may be
provided not in the mouse 2a, but in a display section or a keyboard of
the terminal 2. Or the individual identification information input
device 2b may also be provided independently of them.
[0026] In the terminal 2, a storage device (recording medium) is
provided. In this storage device, there are stored an Internet
communication program such as a WWW (World Wide Web) browser for
accessing the server 3 and browsing home pages; registered fingerprint
information (biometrical information) TS for identification, which was
previously registered; a user code UC; and an authentication information
management program (second program).

[0027] Here, the case where fingerprint information is used as
individual recognition information will be described. Besides, a face
shape, an ear shape, a retinal pattern, a voiceprint, and a holograph
are also considered as the individual recognition information
(biometrical information).

[0028] The terminal 2 is connected to the server 3 via the network K,
and is provided with communication service. The server 3 unitarily
manages and provides information requested by the server 2.
[0029] Furthermore, also in the storage device (recording medium)
provided in the server 3, an authentication information management
program (first program) is stored in the same way. This authentication
information management program is software for determining whether the
operator of the terminal 2 is a regular user on the basis of fingerprint
collation to conduct authentication. Only in the case that a match is
obtained, the authentication information management program permits
logging in the server 3.

[0030] The log-in processing of the communication system 1 in the
present embodiment 1 will now be described by referring to Fig. 1, a
flow chart of Fig. 2, and diagrams of a log-in packet LP of Figs. 3A to
3C.
[0031] First, the operator starts the Internet communication program
installed in the terminal 2, and accesses the server 3. If the terminal
2 is connected to the server 3 by the Internet communication program,
then data of a log-in page and a random key RK are sent from the server
3 (step S101). The terminal 2 receives the random key RK, and the log-in
page is displayed on a display section (step S102).

[0032] And the operator inputs fingerprint information YS of the
operator himself or herself by using the individual identification
information input device 2b provided in the mouse 2a (step S103). The
terminal 2 collates the fingerprint information YS with the registered
fingerprint information TS, which was previously registered (step S104),
and determines whether a match is obtained between those two data (step
S105).
[0033] If the fingerprint information YS is matched with the registered
fingerprint information TS in the processing of the step S105, then the
terminal 2 generates a log-in packet LP (step S106), and transmits the
log-in packet LP to the server 3 (step S107). If the fingerprint
information YS is not matched with the registered fingerprint
information TS, which was previously registered, in the processing of
the step S105, then authentication is not obtained and the log-in
processing is suspended.

[0034] Generation of the log-in packet LP will now be described.

[0035] As shown in Fig. 3A, the terminal 2 collates fingerprint
information YS, which has been read, with the registered fingerprint
information TS, which was previously registered. Only when the
information is matched, the terminal 2 takes out a user code UC from the
storage device of the terminal 2.
[0036] And the terminal 2 encrypts the registered fingerprint
information TS on the basis of the random key RK received in the
processing of the step S101 when the terminal 2 logged in the server 3.
In addition, the terminal 2 encrypts the fingerprint information YS as
well by combining the user code UC therewith, generates the log-in
packet LP, and transmits the log-in packet LP to the server 3.

[0037] As shown in Fig. 3B, the log-in packet LP is formed of a user
name UN, the user code UC, encrypted registered fingerprint information
TS, and the fingerprint information YS combined with the user code UC.
[0038] Since the registered fingerprint information TS is encrypted by
the random key RK, the registered fingerprint information TS always
becomes different information when it is transmitted to the server 3 as
the log-in packet LP. On the other hand, the fingerprint information YS
becomes different information each time it is read, because of a
difference in angle and position of a finger. Therefore, the fingerprint
information YS also becomes different information, when it is
transmitted to the server 3 as the log-in packet LP.
[0039] Furthermore, the user code UC is information obtained from the
storage device of the terminal 2 only when the fingerprint information
YS is matched with the registered fingerprint information TS. The user
code UC is previously stored in the server 3 as well.
[0040] If the server 3 receives the log-in packet LP (step S108), then
the server resolves the log-in packet LP (step S109). In the processing
of the step S109, the log-in packet LP is resolved into the registered
fingerprint information TS decrypted by using the random key RK
transmitted to the terminal 2, into the fingerprint information YS
obtained from the user code UC, and into the user code.

[0041] And the server 3 collates the decrypted registered fingerprint
information TS with the fingerprint information YS obtained from the
user code UC (step S110), and thereby determines whether the decrypted
registered fingerprint information TS is matched with the fingerprint
information YS obtained from the user code UC (step S111).

[0042] If the fingerprint information YS is matched with the registered
fingerprint information TS in the processing of the step S111, then the
server 3 collates the user code UC transmitted from the terminal 2 with
the user code UC previously stored in the server 3 (step S112) and
determines whether a match is obtained between these two user codes UC
(step S113).
[0043] If the two user codes UC are not matched with each other in the
processing of the step S113, then authentication is not obtained and the
log-in processing is suspended. If the two user codes UC are matched
with each other in the processing of the step S113, then the server 3
authenticates that the operator is the user himself or herself, and
permits log in (step S114), and the user of the terminal 2 is provided
with desired service (step S115).
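
The exchange of steps S101 to S113, with both the terminal and the server side, as an added Python example; it is not code from the patent. The patent names no cipher, no collation algorithm and no rule for combining YS with UC, so the SHA-256 XOR keystream in `mask`, the Hamming-distance test in `matches`, the single use of each RK, and every class, function and sample value below are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 8  # assumption: samples differing in <= 8 bits "match"


def matches(a: bytes, b: bytes) -> bool:
    """Toy fingerprint collation: Hamming distance between feature vectors."""
    if len(a) != len(b):
        return False
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) <= MATCH_THRESHOLD


def mask(data: bytes, key: bytes, label: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Applying it twice with the same key and label restores the data."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def flip(data: bytes, bits) -> bytes:
    """Simulate a fresh reading of the same finger by flipping a few bits."""
    out = bytearray(data)
    for b in bits:
        out[b // 8] ^= 1 << (b % 8)
    return bytes(out)


class Terminal:
    def __init__(self, user_name: str, user_code: bytes, registered_ts: bytes):
        self.user_name, self.user_code, self.ts = user_name, user_code, registered_ts

    def build_login_packet(self, rk: bytes, ys: bytes):
        # S104-S105: local collation of YS against TS; no match, no packet.
        if not matches(ys, self.ts):
            return None
        # S106: UC is read only after a match. TS is encrypted under RK and
        # YS is combined with UC (Fig. 3B layout: UN, UC, enc(TS), YS+UC).
        return {
            "UN": self.user_name,
            "UC": self.user_code,
            "enc_TS": mask(self.ts, rk, b"TS"),
            "YS_UC": mask(ys, self.user_code, b"YS"),
        }


class Server:
    def __init__(self, user_codes: dict):
        self.user_codes = user_codes  # UN -> UC stored in advance
        self.pending = {}             # session id -> RK sent in S101

    def issue_random_key(self, session: str) -> bytes:
        rk = secrets.token_bytes(32)
        self.pending[session] = rk
        return rk

    def login(self, session: str, packet: dict) -> bool:
        rk = self.pending.pop(session, None)  # each RK is used once (assumption)
        if rk is None:
            return False
        ts = mask(packet["enc_TS"], rk, b"TS")           # S109: decrypt TS
        ys = mask(packet["YS_UC"], packet["UC"], b"YS")  # S109: recover YS
        if not matches(ts, ys):                          # S110-S111
            return False
        stored = self.user_codes.get(packet["UN"])       # S112-S113
        return stored is not None and hmac.compare_digest(stored, packet["UC"])


def demo():
    """Constructed sample data; returns (ok, differs, wrong_finger, replay)."""
    ts = hashlib.sha256(b"constructed registered template").digest()
    uc = b"UC-constructed-0001"
    terminal, server = Terminal("alice", uc, ts), Server({"alice": uc})

    rk1 = server.issue_random_key("s1")
    p1 = terminal.build_login_packet(rk1, flip(ts, [3, 70, 201]))
    ok = server.login("s1", p1)

    # A second log-in: both fingerprint fields differ from the first packet.
    rk2 = server.issue_random_key("s2")
    p2 = terminal.build_login_packet(rk2, flip(ts, [9, 150]))
    differs = p1["enc_TS"] != p2["enc_TS"] and p1["YS_UC"] != p2["YS_UC"]

    # A different finger never produces a packet (S105 fails).
    other = hashlib.sha256(b"constructed other finger").digest()
    wrong_finger = terminal.build_login_packet(rk2, other)

    # The first packet, presented again under a fresh RK, is rejected in S111.
    server.issue_random_key("s3")
    replay = server.login("s3", p1)
    return ok, differs, wrong_finger, replay
```

`demo()` returns `(True, True, None, False)`: the log-in succeeds, the two packets differ in both fingerprint fields, the wrong finger yields no packet, and the re-presented packet fails collation because TS decrypts to noise under the new RK.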

[0044] The log-in packet LP is not transmitted to the server 3 in the
present embodiment 1, unless the registered fingerprint information TS
previously registered in the terminal 2 is matched with the fingerprint
information YS inputted from the individual identification information
input device 2b when utilizing the terminal 2 and thereby fingerprint
authentication is obtained. Therefore, it is possible to positively
prevent a person who uses the user code UC without authorization from
impersonating the authorized user.

[0045] Furthermore, since the fingerprint information YS and the
registered fingerprint information included in the log-in packet LP
transmitted to the server 3 are changed whenever they are transmitted,
falsification, unauthorized acquisition, and unauthorized use of the
log-in packet LP can be made impossible.
[0046] Furthermore, since the password of the user can be made
unnecessary, the burden of the user and the manager who manages the
password can be eliminated.

(Embodiment 2) 

[0047] Fig. 4 is a flow chart of log-in processing conducted by a
terminal subjected to utilization restriction of a computer file by a
file utilization restriction management program according to an
embodiment 2 of the present invention.

[0048] In the present embodiment 2, a communication system 1 (Fig. 1)
includes a plurality of terminals 2 and a server 3, in the same way as
the above described embodiment 1. The terminals 2 are connected to the
server 3 via network K.

[0049] In a storage device of the terminal 2, there is stored a file
utilization restriction management program besides an Internet
communication program such as WWW browser, registered fingerprint
information TS for identification which is previously registered, and a
user name.

[0050] The file utilization restriction management program is a program
for restricting the utilization of a preset computer file, such as a
folder, data, or a program, stored in, for example, a storage device of
the terminal 2. Therefore, any one of the pertinent folder, data, or
program is subjected to the utilization restriction by the file
utilization restriction management program.
[0051] In the terminal 2 as well, there is provided a mouse 2a including
an individual identification information input device 2b, in the same
way as the above described embodiment 1. The individual identification
information input device 2b is adapted to obtain fingerprint information
YS of the user.

[0052] In the embodiment 2 as well, the individual identification
information input device 2b may be provided not in the mouse 2a, but in
a display section or a keyboard of the terminal 2. Or the individual
identification information input device 2b may also be provided
independently of them. Furthermore, the individual recognition
information for authenticating the user may be a face shape, an ear
shape, a retinal pattern, a voiceprint, or a holograph, instead of
fingerprint information.
[0053] A user authentication technique using the file utilization
restriction management program stored in the terminal 2 will now be
described.
[0054] As an example, the case where a user name stored in the terminal
2, and a password for utilizing a token, which is software for creating
a response code, are subjected to utilization restriction will now be
described.

[0055] Furthermore, it is assumed that in the case where the server 2 is
permitted to log in the server 3 a one-time password is used in order to
avoid the risk that log-in information (user name) is stolen or used
without authorization.

[0056] First, the operator starts the Internet communication program
installed in the terminal 2 to access the server 3. The terminal 2 is
connected to the server 3 by the Internet communication program, and
then data of a log-in page is sent from the server 3 (step S201), and
the log-in page is displayed on a display section of the terminal 2.

[0057] The operator inputs fingerprint information YS of the operator
himself or herself by using the individual identification information
input device 2b (step S202). The terminal 2 collates the fingerprint
information YS with the registered fingerprint information TS, which was
previously registered (step S203), and determines whether a match is
obtained between those two information pieces (step S204).

[0058] If the two fingerprint information pieces are matched with each
other, then utilization restriction of the user name is canceled, and
the user name is obtained from the storage device of the terminal 2
(step S205). If the two fingerprint information pieces are not matched
with each other in the processing of the step S104, then the log-in
processing is suspended.
[0059] Only in the case where the user is authenticated by using the
fingerprint information, it becomes possible for the terminal 2 to read
out the user name. As a result, unauthorized use of the user name caused
by theft or the like can be prevented.
[0060] The obtained user name is transmitted to the server 3 (step
S206). If the server 3 receives the user name (step S207), the server 3
then generates a challenge code to be used in the one-time password
(step S208). The challenge code is generated by the server 3 each time
log-in is conducted.
[0061] The generated challenge code is transmitted to the terminal 2
(step S209). The challenge code is received by the terminal 2 (step
S210).
[0062] In order to conduct the user authentication again, the
fingerprint information YS is obtained in the terminal 2 by the
individual identification input device 2b (step S211), and the terminal
2 collates the fingerprint information YS with the registered
fingerprint information TS (step S212).

[0063] In the processing of the step S212, it is determined whether a
match is obtained between those two pieces of fingerprint information
(step S213). If the two pieces of fingerprint information are matched
with each other, then a password for utilizing the token, i.e., the
so-called PIN code, is obtained from the storage device of the terminal
2. Furthermore, if the two pieces of fingerprint information are not
matched with each other, the log-in processing is then suspended.
[0064] By the processing of the steps S211 to S214, the utilization
restriction of the token is canceled. Furthermore, in this case as well,
it becomes possible for the terminal 2 to read out the PIN code, only
when the user is authenticated on the basis of the fingerprint
information. Therefore, it is possible to prevent unauthorized
utilization of the token by a leakage or the like of the PIN code.

[0065] The terminal 2 is adapted to obtain the token on the basis of the
obtained PIN code, and generates a response code by utilizing the token
(step S214). The terminal 2 returns the generated response code to the
server 3 (step S215).

[0066] The server 3 conducts collation of the received response code and
challenge code (steps S216 and S217), and determines whether a match is
obtained between those codes (step S218).
[0067] If the codes are matched in the processing of the step S218, then
the server 3 authenticates that the operator is the user himself or
herself and permits log in (step S219), and the user of the terminal 2
is provided with desired service (step S220). If the codes are not
matched, the server 3 then suspends the log-in processing.
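
The flow of steps S202 to S219, in which each restricted item (user name, then PIN) is released only after its own fingerprint collation, as an added Python example; it is not code from the patent. The patent does not say how the token derives the response code or how the server collates it, so the HMAC-SHA256 response over the challenge, the shared token secret, the Hamming-distance collation, and all class, function and sample names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets


def matches(a: bytes, b: bytes, threshold: int = 8) -> bool:
    """Toy collation (assumption): Hamming distance between feature vectors."""
    return len(a) == len(b) and sum(
        bin(x ^ y).count("1") for x, y in zip(a, b)) <= threshold


class RestrictedStore:
    """Terminal-side files under utilization restriction (user name, PIN)."""

    def __init__(self, registered_ts: bytes, files: dict):
        self._ts, self._files = registered_ts, files

    def read(self, name: str, ys: bytes):
        # The restriction is lifted for this one read, and only after a match.
        if not matches(ys, self._ts):
            raise PermissionError("fingerprint mismatch: log-in suspended")
        return self._files[name]


class Token:
    """Software token: creates a response code when given the right PIN."""

    def __init__(self, pin: str, secret: bytes):
        self._pin, self._secret = pin, secret

    def response(self, pin: str, challenge: bytes) -> bytes:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, secrets_by_user: dict):
        self._secrets = secrets_by_user
        self._challenges = {}

    def begin(self, user_name: str) -> bytes:
        # S207-S209: a fresh challenge code for every log-in.
        challenge = secrets.token_bytes(16)
        self._challenges[user_name] = challenge
        return challenge

    def finish(self, user_name: str, response: bytes) -> bool:
        # S216-S219: the challenge is consumed, so a response works once.
        challenge = self._challenges.pop(user_name, None)
        secret = self._secrets.get(user_name)
        if challenge is None or secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def terminal_login(store, token, server, ys_first, ys_second) -> bool:
    try:
        user_name = store.read("user_name", ys_first)  # S202-S205
        challenge = server.begin(user_name)            # S206-S210
        pin = store.read("pin", ys_second)             # S211-S213
        response = token.response(pin, challenge)      # S214
    except PermissionError:
        return False                                   # log-in suspended
    return server.finish(user_name, response)          # S215-S219


def build_demo():
    """Constructed sample data, not values from the patent."""
    ts = hashlib.sha256(b"constructed registered template").digest()
    good = bytes([ts[0] ^ 0x05]) + ts[1:]  # same finger, two bits differ
    bad = hashlib.sha256(b"constructed other finger").digest()
    secret = b"constructed-token-secret"
    store = RestrictedStore(ts, {"user_name": "alice", "pin": "4821"})
    return store, Token("4821", secret), Server({"alice": secret}), good, bad
```

With the objects from `build_demo()`, `terminal_login` returns `True` only when both samples match the registered template; a mismatch at either collation stops the flow before the user name or the PIN leaves the store.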

[0068] The pertinent computer file is made unusable, unless the
registered fingerprint information TS, which was previously registered,
is matched with the fingerprint information YS inputted from the
individual identification information input device 2b when utilizing the
terminal 2. Therefore, it is possible to positively prevent unauthorized
use of the computer file.
[0069] Furthermore, since the password of the user can be made
unnecessary, the burden of the user and the manager who manages the
password can be eliminated.

[0070] The present invention is not limited to the above described
embodiments. It is a matter of course that various changes can be made
without departing from the spirit and scope of the present invention.
[0071] The present invention brings about the following advantages:

(1) According to the present invention, the pertinent computer file is
made unusable, unless previously registered first biometrical
information coincides with second biometrical information inputted at
the time of utilization, when utilizing a computer file having
utilization restriction set therefor. Therefore, it is possible to
positively prevent unauthorized use of the computer file;

(2) Unless first biometrical information previously registered in a
computer is matched with second biometrical information inputted at the
time of utilization of the computer and thereby biometrical
authentication is obtained, a log-in packet is not transmitted to a
computer system, in the present invention. Therefore, it is possible to
prevent a person who impersonates the user from logging in the computer
system;

(3) Since first biometrical information included in the log-in packet
transmitted to the computer system is changed whenever it is
transmitted, falsification, unauthorized acquisition, and unauthorized
use of the log-in packet can be made impossible in the present
invention; and

(4) Furthermore, according to the present invention, password management
becomes unnecessary, and the burden of the password manager can be
eliminated.

Claims 

1. A restriction method for utilization of computer file, comprising the
steps of:

storing first biometrical information previously in a computer, said
first biometrical information identifying an arbitrary user individual
and obtained from individual identification information input means;

obtaining second biometrical information of an operator from said
individual identification information input means when the operator uses
said computer;

collating said first biometrical information with the obtained second
biometrical information, authenticating that the operator is the user if
a match is obtained between said first biometrical information and said
second biometrical information, and canceling utilization restriction of
a computer file subjected to utilization restriction set therefor.
2. A restriction method for utilization of computer file according to
claim 1, wherein each of said first biometrical information and said
second biometrical information is fingerprint information.

3. A restriction method for utilization of computer file according to
claim 2, wherein said computer file subjected to utilization restriction
is at least any one of a folder, data, and a program.

4. A restriction method for utilization of computer file according to
claim 1, wherein said computer file subjected to utilization restriction
is at least any one of a folder, data, and a program.

5. A recording medium having a program recorded thereon, said program
causing execution of the steps of:

collating first biometrical information with second biometrical
information, said first biometrical information identifying an arbitrary
user individual and being previously stored in a computer, said second
biometrical information being obtained from an operator when using said
computer; and

authenticating that the operator is the user if a match is obtained
between said first biometrical information and said second biometrical
information, and canceling utilization restriction of a computer file
subjected to utilization restriction set therefor.

6. A method for logging in a computer system, comprising the steps of:

storing first biometrical information previously in a computer to be
provided with communication service and previously in a computer system
that provides said computer with communication service, said first
biometrical information identifying an arbitrary user individual and
being obtained from individual identification information input means;

receiving in said computer a random key outputted from said computer
system when said computer logs in said computer system;

obtaining second biometrical information of an operator from said
individual identification information input means when the operator uses
said computer;

collating said first biometrical information with said second
biometrical information, authenticating that the operator is the user if
a match is obtained between said first biometrical information and said
second biometrical information, and encrypting said first biometrical
information by using said received random key;

generating a log-in packet having said encrypted first biometrical
information and said second biometrical information, and transmitting
said log-in packet to said computer system; and

decrypting said first biometrical information of said received log-in
packet by said computer system, collating said decrypted first
biometrical information with said second biometrical information of said
received log-in packet, authenticating that the operator is the user if
a match is obtained between said first biometrical information and said
second biometrical information of said log-in packet, and permitting
said computer to log in said computer system.

7. A method for logging in a computer system according to claim 6,
wherein each of said first biometrical information and said second
biometrical information is fingerprint information.

8. A recording medium having a first program and a second program
recorded thereon,

when a computer to be provided with communication service logs in a
computer system that provides said computer with communication service,
said first program enabling said computer system to execute the steps
of:

transmitting a random key to said computer;

decrypting first biometrical information of a received log-in packet,
and collating said decrypted first biometrical information with second
biometrical information of said received log-in packet; and

authenticating that an operator is a user if a match is obtained between
said decrypted first biometrical information and second biometrical
information of said received log-in packet, and permitting log-in of
said computer; and

said second program enabling said computer to execute the steps of:

collating previously stored first biometrical information with second
biometrical information, said first biometrical information identifying
an arbitrary user individual, said second biometrical information being
obtained from an operator when using said computer;

authenticating that the operator is the user if a match is obtained
between said first biometrical information and said second biometrical
information, and encrypting said first biometrical information by using
said inputted random key; and

generating a log-in packet having said encrypted first biometrical
information and said second biometrical information, and transmitting
said log-in packet to said computer system.